CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting

🗓️ 29 Mar 2019 00:00:00Reported by DKMType

CentOS Web Panel 0.9.8.789 NameServer Persistent XS

Reporter	Title	Published	Views	Family All 9
0day.today	CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting Vulnerability	29 Mar 201900:00	–	zdt
CNVD	CentOS Web Panel Cross-Site Scripting Vulnerability (CNVD-2019-14092)	2 Apr 201900:00	–	cnvd
CVE	CVE-2019-10261	3 Apr 201914:07	–	cve
Cvelist	CVE-2019-10261	3 Apr 201914:07	–	cvelist
EUVD	EUVD-2019-2264	7 Oct 202500:30	–	euvd
exploitpack	CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting	29 Mar 201900:00	–	exploitpack
NVD	CVE-2019-10261	3 Apr 201915:29	–	nvd
Packet Storm	CentOS Web Panel 0.9.8.789 Cross Site Scripting	29 Mar 201900:00	–	packetstorm
Prion	Cross site scripting	3 Apr 201915:29	–	prion

# Exploit Title: CentOS Web Panel 0.9.8.789 - NameServer Field Stored Cross-Site Scripting Vulnerability
# Google Dork: N/A
# Date: 28 - March - 2019
# Exploit Author: DKM
# Vendor Homepage: http://centos-webpanel.com
# Software Link: http://centos-webpanel.com
# Version: 0.9.8.789
# Tested on: CentOS 7
# CVE : CVE-2019-10261

# Description:
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via "DNS Functions" for "Edit Nameservers IPs" action. This is because the application does not properly sanitize the users input.


# Steps to Reproduce:
1. Login into the CentOS Web Panel using admin credential.
2. From Navigation Click on "DNS Functions" -> then Click on "Edit Nameservers IPs"
3. In "Name Server 1" and "Name Server 2" field give simple payload as: <script>alert(1)</script> and Click Save Changes
4. Now one can see that the XSS Payload executed and even accessing the home page Stored XSS for nameservers executes.

29 Mar 2019 00:00Current

5.2Medium risk

Vulners AI Score5.2

CVSS 23.5

CVSS 34.8

EPSS0.00582